vrf

package

v0.0.20 Latest Latest Go to latest Published: May 14, 2026 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/flare-foundation/tee-node

Links

Open Source Insights

Documentation ¶

Index ¶

func HashToZn(msg []byte) *big.Int
func VerifyRandomness(proof *Proof, pk *ecdsa.PublicKey, nonce []byte) error
type Point
- func (p *Point) IsOnCurve() bool
- func (p *Point) ValidatePoint() error
type Proof
- func VerifiableRandomness(key *ecdsa.PrivateKey, nonce []byte) (*Proof, error)
- func (proof *Proof) RandomnessFromProof() (common.Hash, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func HashToZn ¶

func HashToZn(msg []byte) *big.Int

HashToZn hashes an arbitrary message to a scalar in Z_N (the secp256k1 group order).

func VerifyRandomness ¶

func VerifyRandomness(proof *Proof, pk *ecdsa.PublicKey, nonce []byte) error

VerifyRandomness verifies that the provided randomness corresponds to the provider's public key and nonce. Used for off-chain checks; actual verification is done by the VRFVerifier contract on-chain.

Full verification requires four independent checks:

U == c·pk + s·G (prover knows sk such that pk = sk·G)
CGamma == c·gamma (CGamma is correctly derived from gamma and c)
V == CGamma + s·h (V is correctly derived from gamma, h, c, s)
c == HashToZn(Pack(G, h, pk, gamma, U, V))

Types ¶

type Point ¶

type Point struct {
	X *big.Int
	Y *big.Int
}

func Add ¶

func Add(p1 *Point, p2 *Point) (*Point, error)

Add returns P1 + P2, where P1 and P2 are provided points of the group.

func HashToCurve ¶

func HashToCurve(msg []byte) *Point

HashToCurve hashes an arbitrary message to a point in an elliptic group.

func ScalarBaseMult ¶

func ScalarBaseMult(k *big.Int) (*Point, error)

ScalarBaseMult returns k*G, where G is the base point of the group and k is an integer.

func ScalarMult ¶

func ScalarMult(p *Point, k *big.Int) (*Point, error)

ScalarMult returns k*P, where P is provided point of the group and k is an integer.

func (*Point) IsOnCurve ¶

func (p *Point) IsOnCurve() bool

IsOnCurve reports whether the point lies on the secp256k1 curve.

func (*Point) ValidatePoint ¶

func (p *Point) ValidatePoint() error

ValidatePoint checks that the point is non-nil and lies on the secp256k1 curve.

type Proof ¶

type Proof struct {
	Gamma *Point   // gamma = sk · HashToCurve(nonce)
	C     *big.Int // challenge scalar
	S     *big.Int // response scalar  s = k − sk·c mod N

	// Witness points (computed off-chain, verified on-chain via ecrecover)
	U      *Point   // u = c·pk + s·G
	CGamma *Point   // c·gamma  (intermediate for verifying V)
	V      *Point   // v = c·gamma + s·h
	ZInv   *big.Int // modInv(CGamma.X − V.X, P); field element in [1, P)
}

Proof represents a generated verifiable randomness together with a proof of its correctness. It mirrors the Proof struct in VRFVerifier.sol.

The four witness points (U, CGamma, V, ZInv) are pre-computed by VerifiableRandomness and are required by the on-chain VRFVerifier contract to avoid expensive secp256k1 scalar multiplications or BigModExp inside the EVM.

func VerifiableRandomness ¶

func VerifiableRandomness(key *ecdsa.PrivateKey, nonce []byte) (*Proof, error)

VerifiableRandomness creates a deterministic verifiable randomness (with proof) given a private key and a nonce.

func (*Proof) RandomnessFromProof ¶

func (proof *Proof) RandomnessFromProof() (common.Hash, error)

RandomnessFromProof extracts the verifiable randomness output from a valid proof by hashing the gamma point coordinates.

Source Files ¶

View all Source files

vrf.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL